Skip to main content

Cyberduck

1 CVEs product

Monthly

CVE-2014-2845 MEDIUM POC This Month

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Cyberduck
NVD
CVSS 3.1
5.9
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM POC This Month

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Cyberduck
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy